7. What Are Your Rights?
I. Requests to Access, Rectify or Erase
1. Access Request
You have the right to ask us whether we hold any Personal Data relating to you and, if we do, to be provided with a copy of that Personal Data in electronic form, unless you want to receive it in another way (for example, a paper copy). In addition, you can ask us for information on how we use your Personal Data, who we share it with, how long we keep it, where it is stored, and other information to help you understand how we use it.
2. Rectification Request
You have the right to ask us to correct your Personal Data (including by means of providing a supplementary statement) if it is inaccurate and to have incomplete Personal Data updated without undue delay. If we cannot correct the Personal Data, we include a note on our files regarding your request to correct your Personal Data.
3. Erasure Request
You have the right to ask us to erase your Personal Data if:
- Your Personal Data are no longer necessary for the purpose(s) they were collected for
- Your Personal Data have been unlawfully processed
- Your Personal Data must be erased to comply with a regulation
- You withdraw your consent for the processing of the Personal Data (and if this is the only basis on which we are processing your Personal Data)
- You object to processing that is based on our legitimate interests, provided there are no overriding legitimate grounds for continued processing, or
- You object to processing for direct marketing purposes.
If we have made the Personal Data concerned public, we will also take reasonable steps to inform other data controllers processing the data so they can seek to erase links to or copies of your Personal Data.
We may refuse to act on your request to erase your Personal Data if the processing of your Personal Data is necessary:
- To exercise our right of freedom of expression and information
- To comply with the NDPR and relevant Nigerian laws
- For the performance of a task carried out in the public interest or to exercise official authority vested in us
- To establish, exercise or defend legal claims.
In these cases, we can restrict the processing instead of erasing your Personal Data if requested to do so by you.